Cisco Systems IPS4510K9 Home Security System User Manual


 
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 7.2
OL-29168-01
Chapter 4 Configuring Interfaces
Understanding Interfaces
Note: There is only one sensing interface on the ASA IPS modules (ASA 5500-X IPS SSP and ASA 5585-X IPS SSP), so you cannot designate an alternate TCP reset interface.
Table 4-2 lists the alternate TCP reset interfaces.
For More Information
For more information on choosing the alternate TCP interface, see Designating the Alternate TCP Reset
Interface, page 4-5.
Designating the Alternate TCP Reset Interface
Note: There is only one sensing interface on the ASA IPS modules (ASA 5500-X IPS SSP and ASA 5585-X IPS SSP), so you cannot designate an alternate TCP reset interface.
You need to designate an alternate TCP reset interface in the following situations:
- When a switch is being monitored with either SPAN or VACL capture and the switch does not accept incoming packets on the SPAN or VACL capture port.
- When a switch is being monitored with either SPAN or VACL capture for multiple VLANs, and the switch does not accept incoming packets with 802.1q headers. The TCP resets need 802.1q headers to tell which VLAN the resets should be sent on.
- When a network tap is used for monitoring a connection. Taps do not permit incoming traffic from the sensor.
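
Designating the interface on an appliance sensor looks like the following session, added here as an illustration and not taken from this page. The alt-tcp-reset-interface command is entered in the sensor's service interface configuration mode; the interface names GigabitEthernet0/0 (the promiscuous sensing interface) and GigabitEthernet0/1 (the alternate TCP reset interface) are assumed placeholders.

```text
sensor# configure terminal
sensor(config)# service interface
sensor(config-int)# physical-interfaces GigabitEthernet0/0
sensor(config-int-phy)# alt-tcp-reset-interface interface-name GigabitEthernet0/1
sensor(config-int-phy)# exit
sensor(config-int)# exit
```

The alternate interface has to be connected to a switch port that accepts incoming packets and can reach the monitored hosts; alt-tcp-reset-interface none removes the designation.
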
Table 4-2 Alternate TCP Reset Interfaces

Sensor                    Alternate TCP Reset Interface
------------------------  -----------------------------
ASA 5512-X IPS SSP        None
ASA 5515-X IPS SSP        None
ASA 5525-X IPS SSP        None
ASA 5545-X IPS SSP        None
ASA 5555-X IPS SSP        None
ASA 5585-X IPS SSP-10     None
ASA 5585-X IPS SSP-20     None
ASA 5585-X IPS SSP-40     None
ASA 5585-X IPS SSP-60     None
IPS 4345                  Any sensing interface
IPS 4345-DC               Any sensing interface
IPS 4360                  Any sensing interface
IPS 4510                  Any sensing interface
IPS 4520                  Any sensing interface